Abstract and keywords
Abstract:
Modern computer attacks are hard to detect: attackers combine several techniques and actively adopt new technologies, which calls for intelligent detection approaches. The purpose of this work is to build a formal model that identifies signs of computer attacks from the analysis of operating-system events. As a practical application of the developed method, a labelled dataset was obtained, and several machine learning algorithms were applied to detecting computer attacks. A comparative analysis showed that the Random Forest algorithm gives the best result: the accuracy of the developed classifier was 99.65%. The results obtained confirm that the formal model is effective in practice for detecting computer attacks.

Keywords:
formal model, cyber attack detection, machine learning, classification, system event analysis, Event ID, random forest, cyber threats
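The abstract describes the pipeline only in outline: operating-system events are grouped and reduced to Event ID features, the resulting windows are labelled, and a Random Forest is trained and scored. The block below is an added example of that pipeline and is not the authors' code or data: the Event ID vocabulary, the log line format, the shapes of the benign and attack windows, and the pure-stdlib random forest (bootstrap samples, a random feature subset at every node, majority vote) are all assumptions made here for illustration. It also adds the check a practitioner wants next to a headline accuracy figure: attack windows are rare, so the majority-class baseline, precision and recall are reported beside accuracy. The 99.65% from the paper is not reproduced by this synthetic data.

```python
"""Added example: Event ID count features from OS event records, a labelled
window dataset, a minimal random forest and an evaluation that reports more
than accuracy. All Event IDs, log lines and session shapes are constructed."""
import random
import re
from collections import Counter

# Assumed feature vocabulary: Windows Security / PowerShell Event IDs.
EVENT_IDS = [4624, 4625, 4634, 4688, 4104, 4720, 4698, 1102]
_EID = re.compile(r"EventID=(\d+)")

def parse_event_ids(lines):
    """Extract Event IDs from constructed lines like '2025-01-01T09:00:00Z host1 EventID=4625'."""
    return [int(m.group(1)) for m in (_EID.search(l) for l in lines) if m]

def featurize(event_ids):
    """Bag-of-Event-ID counts for one (host, time window): one integer per vocabulary entry."""
    c = Counter(event_ids)
    return [c.get(eid, 0) for eid in EVENT_IDS]

def synth_window(attack, rng):
    """Constructed Event ID sequence for one host window; stands in for labelled telemetry."""
    if attack:
        ev = [4625] * rng.randint(8, 30) + [4624]                 # brute force, then success
        ev += [4688] * rng.randint(3, 10) + [4104] * rng.randint(1, 5)  # processes, PowerShell
        ev += rng.sample([4720, 4698, 1102], rng.randint(1, 3))   # persistence / log clearing
    else:
        ev = [4624] * rng.randint(1, 4) + [4688] * rng.randint(2, 12)
        ev += [4634] * rng.randint(1, 3) + ([4625] if rng.random() < 0.2 else [])
    rng.shuffle(ev)
    return ev

# ---- minimal random forest: bootstrap sample + random feature subset per node ----
def gini(labels):
    if not labels:
        return 0.0
    p = sum(labels) / len(labels)
    return 2 * p * (1 - p)

def best_split(X, y, feats):
    """(feature, threshold) with the lowest weighted Gini among the candidate features."""
    best = (None, None, float("inf"))
    for f in feats:
        for t in sorted({row[f] for row in X}):
            left = [y[i] for i, row in enumerate(X) if row[f] <= t]
            right = [y[i] for i, row in enumerate(X) if row[f] > t]
            if not left or not right:
                continue
            score = (len(left) * gini(left) + len(right) * gini(right)) / len(X)
            if score < best[2]:
                best = (f, t, score)
    return best

def grow_tree(X, y, rng, depth, n_feats):
    majority = int(2 * sum(y) >= len(y))
    if depth == 0 or gini(y) == 0.0:
        return ("leaf", majority)
    f, t, _ = best_split(X, y, rng.sample(range(len(X[0])), n_feats))
    if f is None:
        return ("leaf", majority)
    li = [i for i, row in enumerate(X) if row[f] <= t]
    ri = [i for i, row in enumerate(X) if row[f] > t]
    return ("node", f, t,
            grow_tree([X[i] for i in li], [y[i] for i in li], rng, depth - 1, n_feats),
            grow_tree([X[i] for i in ri], [y[i] for i in ri], rng, depth - 1, n_feats))

def predict_tree(tree, x):
    while tree[0] == "node":
        tree = tree[3] if x[tree[1]] <= tree[2] else tree[4]
    return tree[1]

def train_forest(X, y, n_trees=25, depth=3, seed=1):
    rng = random.Random(seed)
    n_feats = max(1, int(len(X[0]) ** 0.5))                 # sqrt(features) per node
    forest = []
    for _ in range(n_trees):
        idx = [rng.randrange(len(X)) for _ in X]             # bootstrap sample
        forest.append(grow_tree([X[i] for i in idx], [y[i] for i in idx], rng, depth, n_feats))
    return forest

def predict_forest(forest, x):
    return int(2 * sum(predict_tree(t, x) for t in forest) > len(forest))

def evaluate(forest, X, y):
    """Accuracy alone is misleading when attacks are rare: a model that flags nothing
    already scores the majority-class baseline, so precision and recall are reported too."""
    conf = Counter((predict_forest(forest, x), label) for x, label in zip(X, y))
    tp, fp, fn, tn = conf[1, 1], conf[1, 0], conf[0, 1], conf[0, 0]
    n = len(y)
    return {"accuracy": (tp + tn) / n,
            "precision": tp / (tp + fp) if tp + fp else 0.0,
            "recall": tp / (tp + fn) if tp + fn else 0.0,
            "majority_baseline": max(sum(y), n - sum(y)) / n}

def run_demo(n_benign=300, n_attack=30, seed=7):
    rng = random.Random(seed)
    data = [(featurize(synth_window(False, rng)), 0) for _ in range(n_benign)]
    data += [(featurize(synth_window(True, rng)), 1) for _ in range(n_attack)]
    rng.shuffle(data)
    cut = int(0.7 * len(data))                               # hold-out split
    train, test = data[:cut], data[cut:]
    forest = train_forest([x for x, _ in train], [l for _, l in train])
    return evaluate(forest, [x for x, _ in test], [l for _, l in test])

if __name__ == "__main__":
    print(run_demo())
```

On real telemetry the window key (host, user, fixed interval) and the vocabulary decide most of the result; the forest is the easy part. The `majority_baseline` value is the number to compare any reported accuracy against, and a labelled dataset with a 10:1 benign-to-attack ratio, as in this constructed one, is still far more balanced than production event logs.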